Ransomware victim disclosure
← All victimsGrafana / Coinbase
Claimed by coinbasecartel · listed 4 days ago
Status timeline
- Listed
May 28, 2026
- Data leaked
At a glance
- Group
- coinbasecartel
- Status
- Data leaked
- Sector
- Technology/Finance
- Listed on leak site
- May 28, 2026
About the victim
AI dossier — public-source company profileGrafana and Coinbase are major technology/finance companies. Grafana is a popular open-source monitoring and visualization platform; Coinbase is a leading cryptocurrency exchange. This post appears to conflate or reference multiple victims simultaneously.
- Industry
- Technology/Finance
Attack summary
Severity: high — Claims of exfiltration from high-profile technology and finance companies with confirmed access and internal file samples. Grafana and Coinbase handle sensitive infrastructure and financial data. Multiple corroborating victim claims in same post add credibility to operational scope, though no specific regulated data categories are explicitly confirmed.The threat actor claims to have breached Grafana and/or Coinbase systems, exfiltrating files including jsonnet configuration and internal data. The group states victims were unaware of the breach and claims prolonged unauthorized access. The post also lists numerous other alleged victims (Cognizant, Peru LNG, Lacoste, Canada Goose, JBS Brazil, Dolby Laboratories, Illumina, and others) with varying data volumes and proof stages.
Data the group says was taken
AI dossier — extracted from the leak post- Grafana filetree
- jsonnet configuration files
- Internal system files
- Coinbase data (unspecified)
What the group claims
Grafana filetree uploaded along with sample of grafana/coinbase jsonnet file.
The leak post
captured from the group's siteGrafana filetree uploaded along with sample of grafana/coinbase jsonnet file. _ Cognizant 80GB data uploaded - Siveco You will not get away. They had no idea they were breached, we were roaming freely in their systems, they don't want to pay and that's fine, pay your employees more or we will just keep doing this to you. Samples will be uploaded soon. — We are looking for new partners/insiders. Send us a message to dicuss Peru LNG (Hunt LNG Operating Company) Rogiken / institute of Science Tokyo Lacoste - Updated with proof Canada Goose - Updated with proof Flash Charm INC - (IDERA) Verimatrix - 43gb Leaked PC SOFT FRANCE - Leaked JBS Brazil - Sample uploaded Dolby Laboratories - updated Sample RAKS Sp. z o.o. b Leaked ILLUMINA - Data uploaded ATG - New samples added Propertyfinder / PropSpace CRM - In aucitioin place your bids now !!! Grafana filetree uploaded along with sample of grafana/coinbase jsonnet file. _ Cognizant 80GB data uploaded - Siveco You will not get away. They had no idea they were breached, we were roaming freely in their systems, they don't want to pay and that's fine, pay your employees more or we will just keep doing this to you. Samples will be uploaded soon…
Data the group says was taken
- filetree
- jsonnet files
Sources
Source
Indexed 4 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.